Error: feature not enabled on current Vault version. min version required=1.15.0

faseyiks · February 17, 2024, 10:23am

I am seeing this error when trying to deploy SAML to enterprise vault with Terraform. Our vault cluster is at 1.15.5, yet terraform is unable to determine the version and spits out this error.

terraform.exe apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # vault_saml_auth_backend.main will be created
  + resource "vault_saml_auth_backend" "main" {
      + acs_urls         = [
          + "<redacted>=Vault",
          + "https://<redacted>:8200/auth/saml/callback",
          + "https://<redacted>POC/auth/saml/callback",
        ]
      + default_role     = "admin"
      + disable_remount  = false
      + entity_id        = "<redacted>"
      + id               = (known after apply)
      + idp_metadata_url = "<redacted>xml"
      + path             = "saml-mfa"
      + verbose_logging  = false
    }

  # vault_saml_auth_backend_role.role will be created
  + resource "vault_saml_auth_backend_role" "role" {
      + bound_attributes      = {
          + "group" = "admin"
        }
      + bound_attributes_type = (known after apply)
      + bound_subjects        = [
          + "*<redacted>",
        ]
      + bound_subjects_type   = "glob"
      + groups_attribute      = "groups"
      + id                    = (known after apply)
      + name                  = "admin"
      + path                  = "saml-mfa"
      + token_policies        = [
          + "operator",
        ]
      + token_ttl             = 86400
      + token_type            = "default"
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

vault_saml_auth_backend.main: Creating...
╷
│ Error: feature not enabled on current Vault version. min version required=1.15.0; current vault version=<nil>
│
│   with vault_saml_auth_backend.main,
│   on main.tf line 8, in resource "vault_saml_auth_backend" "main":
│    8: resource "vault_saml_auth_backend" "main" {
│
╵

$ vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    5
Threshold       3
Version         1.15.5+ent.hsm.fips1402
Build Date      2024-01-26T21:04:45Z
Storage Type    consul
Cluster Name    vault-cluster-bd81fe48
Cluster ID      <redacted>
HA Enabled      true
HA Cluster      <redacted>
HA Mode         active
Active Since    2024-02-15T16:18:31.634183816Z
Last WAL        262742
$

faseyiks · February 17, 2024, 9:44pm

It would seem that the problem is related to the load balancer that fronts the Vault cluster. Thi is what I suspect.

system · August 15, 2024, 9:45pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Azurerm_key_vault_secret --> InnerError={"code":"ForbiddenByRbac"} Azure vault , azure	1	1199	July 16, 2023
Terraform Enterprise v202404-2 (764) Release Notifications terraform-enterprise	0	65	June 4, 2024
SSL Certificates key_vault_secret_id not recognised Terraform	0	627	June 12, 2020
Terraform Vault Provider is throwing "missing token" error even though a valid token was provided Terraform Providers vault	2	1296	June 3, 2022
VSCode: Flagging azuread_service_principal resource as missing required attribute application_id Terraform Editor Integrations azure	2	442	October 27, 2023

Error: feature not enabled on current Vault version. min version required=1.15.0

Related topics